What is CVE-2014-9034?

CVE-2014-9034 is a vulnerability in Wordpress, classified under CWE-19. Published 2014-11-25.

Is CVE-2014-9034 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wordpress

CVE-2014-9034

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled duri…

EPSS: 0.802 (99.1th percentile) — read the EPSS interpretation.

Affected products

Wordpress — versions 3.8, 3.8.1, 3.8.2
N/a — versions n/a

Weakness classification (CWE)

CWE-19

Public proof-of-concept exploits

References

DSA-3085 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20141125 Re: WordPress 4.0.1 Security Release (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
1031243 (vdb-entry, x_refsource_SECTRACK)
MDVSA-2014:233 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2014-9034?: CVE-2014-9034 is a vulnerability in Wordpress, classified under CWE-19. Published 2014-11-25.
Is CVE-2014-9034 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.